The shortage of cyber security professionals in the EMEA region touched 291,000 in 2019, up from 142,000 in 2018 as the increase in hiring demand was much higher than the number of skilled professionals available, (ISC)² latest Cybersecurity Workforce Study has revealed.
The study was based on the number of cyber security professionals employed by organisations across all sectors and the demand for such professionals in countries like the United States, the UK, France, Germany, Canada, Australia, Brazil, Singapore, South Korea, Japan, and Mexico.
It found that presently there are around 2.8 million cyber security workers in these countries, with the United States accounting for 804,700 workers, the UK accounting for 289,000 workers, Mexico accounting for 341,000 workers and South Korea accounting for 201,000 workers. In Europe, the UK has more than twice as many cyber security professionals compared to France (121,000) and Germany (133,000).
Global shortage of cyber security professionals is over 4 million
Even though there are nearly three million cyber security professionals in these countries, the actual requirement for such professionals is much higher as the workforce gap has touched 600,000 in Latin America, 291,000 in Europe, 561,000 in North America, and 2.6 million in the Asia Pacific region excluding India and China.
Globally, the cyber security workforce gap touched 4.07 million in 2019, up from 2.93 million last year, indicating that almost all countries are unable to reduce the gap which is increasing at an alarming rate year-on-year.
"Using the workforce estimate of 2.8 million based on the 11 economies for which we provided a workforce estimate and the global gap estimate of 4.07 million, we can estimate that the global workforce needs to grow by 145%. It’s a big task, but our intent is to provide a goal for growing the workforce to help meet the increasing demand for cyber security professionals," (ISC)² said.
"In Europe, where the gap has almost doubled, we see an increasing hiring demand emerging in smaller companies with 1 to 99 employees and in companies with 500+ employees. In LATAM, where the gap has increased more significantly, we see stronger demand emerging in midsized companies with 100 to 499 employees as well as in large companies."
The study found that on a global scale, as many as 65% of organisations are facing a shortage of cyber security staff and 36 percent of cyber security professionals believe a lack of skilled personnel is their greatest job concern, with 27 percent highlighting a lack of resources and 24 percent highlighting inadequate budget for key security initiatives as their greatest concern.
Organisations willing to pay higher salaries to certified professionals
It also found that organisations are willing to pay higher salaries to cyber security professionals who hold security certifications such as CISSP, CCNA Security, CCSP, CCNP Security, CIW, GSAE, CCSK, CISA, and CASP+. While the average salary of certificate-holding professionals in Europe is $59,000, it is only $52,000 for professionals who do not have any certification.
The gap is much higher in the APAC region where the average salaries of certified and non-certified professionals are $63,000 and $37,000 respectively and in North America, the average salaries are $93,000 and $76,500 respectively.
What is good news for organisations is that globally, 59% of cyber security professionals are currently pursuing a new security certification or plan to do so within the next year. This might enable organisations with more than 500 employees to hire CISOs as only 62 percent of such organisations currently have CISOs.
However, considering that 65% of professionals intend to work in cyber security for their entire careers, organisations will need to address concerns such as a lack of resources, a lack of funds, and work stress in order to retain experienced staff while hiring additional staff in the meantime.
There are many other stumbling blocks that cyber security professionals face such as bearing the cost of cyber security certifications, unclear career path opportunities, a lack of job experience in the role, a lack of knowledge about cyber security skills within organisations, and the cost of formal education to properly prepare for career in cyber security.